Is there any option to configure a trust when the domains are NOT in the same forest? Has
anyone tried this yet, maybe with kerberos?
I have an implementation where the stalling factor is going to be cross-forest one-way
trusts, would be keen to find out if anyone else has tried this.
On 15 Aug, 2016, at 04:17, Jakub Hrozek <jhrozek(a)redhat.com>
On Fri, Aug 12, 2016 at 04:51:41PM -0700, Guy Knights wrote:
> Can anyone confirm for me if SSSD supports authentication of users
> belonging to a trusted domain via an AD controller in the trusting domain?
> ie. A user attempts to log in as fred(a)test1.example.com on a client machine
> running SSSD, where SSSD has joined a domain test2.example.com
and there is
> a 2-way forest trust between both domains. Is this supported? I've been
> trying to do so and so far it hasn't been working.
As long as the two domains are in the same forest, then yes, you just
need to use the fully qualified name.
> For the record, my setup is:
> AD controller domain test1: Windows server 2012 R2
> AD controller domain test2: Windows server 2012 R2
> Ubuntu 14.04 client running SSSD 1.12.5
But I would recommend to use something newer on the client side (1.13+)
sssd-users mailing list